DILMET

1. About Us

Dilmet Holdings W.L.L is a Bahraini-registered data and technology company innovating within the fields of fintech, decentralized finance (DeFi), and artificial intelligence. Our flagship solutions, such as BIO Wallet and Personal DAO, are designed to empower individuals and organizations with secure, intelligent, and user-centric financial tools. For the purposes of applicable data protection laws, Dilmet acts as the data controller in relation to the personal data we collect and process.


2. Information We Collect

We collect and process a variety of personal data to deliver and improve our services. This may include:

  • Identification Data: Full name, date of birth, nationality, and identification documents such as national ID or passport numbers.
  • Contact Information: Email address, mobile number, and residential address.
  • Biometric Data: When using BIO Wallet, we may collect facial recognition scans, fingerprints, or iris scans, strictly for authentication and security purposes. This is considered sensitive data under the PDPL and special category data under the GDPR.
  • Financial Data: Tokenized bank card details, transaction histories, linked account data, and payment behavior.
  • Technical and Behavioral Data: Device information, browser type, IP address, usage activity, and geolocation data (when permitted).

We collect this data directly from you when you register, use our products, or engage with our support channels, as well as automatically through cookies and analytics tools.


3. Purpose of Data Collection

We collect your personal data for a range of lawful purposes, including:

  • To provide, operate, and maintain our services, including transaction processing, identity verification, and digital asset management.
  • To ensure security through biometric authentication and fraud detection systems.
  • To comply with legal obligations under Bahrain’s financial regulations, anti-money laundering (AML), and know-your-customer (KYC) requirements.
  • To analyze platform performance and user behavior in order to improve our services and user experience.
  • To communicate with you regarding account activity, updates, promotions (if consented), and policy changes.
  • To conduct research and development activities aimed at enhancing the performance and capabilities of BIO Wallet and Personal DAO.

We never collect more information than is necessary for the intended purpose, and we never use your data for unrelated or unlawful activities.


4. Legal Basis for Processing

Under the PDPL and GDPR, we are required to have a legal basis for processing your data. Our processing activities rely on the following grounds:

  • Consent: Where you have given clear permission for us to process your personal data for a specific purpose.
  • Contractual Necessity: To fulfill a contract with you, such as delivering financial services or verifying your identity.
  • Legal Obligation: To comply with applicable laws and regulatory requirements in Bahrain and abroad.
  • Legitimate Interest: When processing is necessary for our legitimate business interests, provided that such interests do not override your data protection rights.
  • Vital Interests: In exceptional cases, we may process data to protect someone’s life or safety.
  • Public Task: Where we are required to carry out processing in the public interest or for official functions.

5. Data Sharing and Disclosure

We do not sell your personal data. However, we may share your data with third parties under specific conditions, including:

  • With financial institutions and open banking partners for transaction processing.
  • With regulatory bodies such as the Central Bank of Bahrain, in accordance with legal obligations.
  • With third-party service providers who assist in biometric verification, cloud hosting, cybersecurity, and customer service. These providers are contractually bound to uphold strict confidentiality and data protection standards.
  • With other entities within the Dilmet group, to deliver integrated services across our platforms.
  • With legal or public authorities upon valid request, such as court orders or legal investigations.

All data sharing is conducted under signed data processing agreements (DPAs) or equivalent safeguards to ensure compliance with PDPL and GDPR.


6. International Data Transfers

In some cases, your data may be processed or stored outside of Bahrain or the European Economic Area (EEA). When such transfers occur, we ensure that adequate safeguards are in place, such as:

  • Binding corporate rules
  • Standard contractual clauses approved by regulatory bodies
  • Transfers to jurisdictions recognized as having adequate data protection laws
  • Encryption and pseudonymization during transfer

We take all reasonable measures to ensure your data remains protected regardless of location.


7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. The retention period may vary depending on the nature of the data:

  • Financial and biometric data are retained for up to 10 years or in accordance with legal retention rules.
  • User account data is kept until the account is deleted or has been inactive for more than 24 months.
  • Marketing preferences are retained only while consent is valid and may be withdrawn at any time.

After expiration of the retention period, data may be securely deleted or anonymized for research and analytics.


8. Your Rights

As a data subject, you have several rights under both PDPL and GDPR. These include:

  • Right to Access – You can request a copy of the personal data we hold about you.
  • Right to Rectification – You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten) – You may request deletion of your data under specific conditions.
  • Right to Restrict Processing – You can ask us to limit how your data is used.
  • Right to Data Portability – You can request your data in a structured format for transfer to another service.
  • Right to Object – You may object to processing based on legitimate interest or direct marketing.
  • Right to Withdraw Consent – If you previously consented to data collection, you can withdraw it at any time.

To exercise any of these rights, please email us at privacy@dilmet.io. We will respond within the legally required timeframe.


9. Data Security

We implement a comprehensive range of technical and organizational measures to protect your data. These include:

  • End-to-end encryption and tokenization of sensitive information
  • Biometric hashing for identity verification
  • Multi-factor authentication and secure login procedures
  • ISO/IEC 27001-aligned security policies
  • Regular vulnerability testing and security audits

Despite our best efforts, no system is completely immune to breaches. We have a robust incident response plan in place and will notify you promptly in the event of a data breach affecting your rights.


10. Children’s Privacy

Our services are intended for users who are 18 years of age or older. We do not knowingly collect personal data from minors. If we discover that we have collected data from a minor without verified parental consent, we will take steps to delete it promptly.


11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, or legal obligations. If we make significant changes, we will notify you via email or in-app notification. You are encouraged to review this policy regularly to stay informed.